peterburgess
Posts: 14 +0
1. Can't access ms windowsupdate page -> network errors
2. GMER warning about RootKit Activity...
3. Can't post this message from the funky machine.
Message (1/2)
A Google search of this error message led me to these forums. I've executed the 8 steps of information gathering.
Quick Summary
1. Ran Avira AntiVir: No errors detected
2. Ran TFC. No errors.
3. Ran MalwareBytes
Quick scan > Rogue.ThinkPoint file infection, removed
2 Registry problems: MS a-v notification disabled
Full scan > Backdoor MoveMediaPlayer file infection
4. Gmer - warning RootKit Activity
5. DDS
FULL LOGS:
============================================
Avira AntiVir Personal
Report file date: Monday, December 13, 2010 10:01
Scanning for 3141477 virus strains and unwanted programs.
The program is running as an unrestricted full version.
Online services are available:
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : Peter
Computer name : SKYROOM
Version information:
BUILD.DAT : 10.0.0.607 31826 Bytes 11/30/2010 19:17:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 11/30/2010 22:13:17
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 16:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 11/30/2010 22:13:24
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 03:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 13:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 23:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 21:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 20:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 15:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 22:13:29
VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 22:13:30
VBASE007.VDF : 7.10.9.165 4840960 Bytes 7/23/2010 22:13:32
VBASE008.VDF : 7.10.11.133 3454464 Bytes 9/13/2010 22:13:34
VBASE009.VDF : 7.10.13.80 2265600 Bytes 11/2/2010 22:13:35
VBASE010.VDF : 7.10.13.81 2048 Bytes 11/2/2010 22:13:35
VBASE011.VDF : 7.10.13.82 2048 Bytes 11/2/2010 22:13:35
VBASE012.VDF : 7.10.13.83 2048 Bytes 11/2/2010 22:13:35
VBASE013.VDF : 7.10.13.116 147968 Bytes 11/4/2010 22:13:35
VBASE014.VDF : 7.10.13.147 146944 Bytes 11/7/2010 22:13:35
VBASE015.VDF : 7.10.13.180 123904 Bytes 11/9/2010 22:13:36
VBASE016.VDF : 7.10.13.211 122368 Bytes 11/11/2010 22:13:36
VBASE017.VDF : 7.10.13.243 147456 Bytes 11/15/2010 22:13:36
VBASE018.VDF : 7.10.14.15 142848 Bytes 11/17/2010 22:13:36
VBASE019.VDF : 7.10.14.41 134144 Bytes 11/19/2010 22:13:36
VBASE020.VDF : 7.10.14.63 128000 Bytes 11/22/2010 22:13:36
VBASE021.VDF : 7.10.14.87 143872 Bytes 11/24/2010 22:13:36
VBASE022.VDF : 7.10.14.116 140800 Bytes 11/26/2010 22:13:36
VBASE023.VDF : 7.10.14.147 150528 Bytes 11/30/2010 22:16:23
VBASE024.VDF : 7.10.14.175 126464 Bytes 12/3/2010 13:59:21
VBASE025.VDF : 7.10.14.203 120320 Bytes 12/7/2010 13:59:23
VBASE026.VDF : 7.10.14.230 137216 Bytes 12/9/2010 13:59:26
VBASE027.VDF : 7.10.14.231 2048 Bytes 12/9/2010 13:59:27
VBASE028.VDF : 7.10.14.232 2048 Bytes 12/9/2010 13:59:27
VBASE029.VDF : 7.10.14.233 2048 Bytes 12/9/2010 13:59:27
VBASE030.VDF : 7.10.14.234 2048 Bytes 12/9/2010 13:59:27
VBASE031.VDF : 7.10.15.2 114176 Bytes 12/13/2010 13:59:29
Engineversion : 8.2.4.122
AEVDF.DLL : 8.1.2.1 106868 Bytes 11/30/2010 22:13:13
AESCRIPT.DLL : 8.1.3.48 1286524 Bytes 12/13/2010 14:00:29
AESCN.DLL : 8.1.7.2 127349 Bytes 11/30/2010 22:13:12
AESBX.DLL : 8.1.3.2 254324 Bytes 11/30/2010 22:13:12
AERDL.DLL : 8.1.9.2 635252 Bytes 11/30/2010 22:13:12
AEPACK.DLL : 8.2.4.1 512375 Bytes 12/13/2010 14:00:20
AEOFFICE.DLL : 8.1.1.10 201084 Bytes 11/30/2010 22:13:11
AEHEUR.DLL : 8.1.2.54 3113335 Bytes 12/13/2010 14:00:13
AEHELP.DLL : 8.1.16.0 246136 Bytes 12/13/2010 13:59:43
AEGEN.DLL : 8.1.5.0 397685 Bytes 12/13/2010 13:59:41
AEEMU.DLL : 8.1.3.0 393589 Bytes 11/30/2010 22:13:06
AECORE.DLL : 8.1.19.0 196984 Bytes 12/13/2010 13:59:37
AEBB.DLL : 8.1.1.0 53618 Bytes 11/30/2010 22:13:05
AVWINLL.DLL : 10.0.0.0 19304 Bytes 11/30/2010 22:13:17
AVPREF.DLL : 10.0.0.0 44904 Bytes 11/30/2010 22:13:16
AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 18:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 11/30/2010 22:13:17
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 11/30/2010 22:13:17
AVARKT.DLL : 10.0.22.6 231784 Bytes 11/30/2010 22:13:14
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 11/30/2010 22:13:15
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 18:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 11/30/2010 22:13:17
NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 18:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 17:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 11/30/2010 22:13:38
Configuration settings for the scan:
Jobname.............................: Short system scan after installation
Configuration file..................: c:\program files\avira\antivir desktop\setupprf.dat
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Start of the scan: Monday, December 13, 2010 10:01
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avconfig.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'setup.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'presetup.exe' - '1' Module(s) have been scanned
Scan process 'avira_antivir_personal_en.exe' - '1' Module(s) have been scanned
Scan process 'mshta.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'mshta.exe' - '1' Module(s) have been scanned
Scan process 'plugin-container.exe' - '1' Module(s) have been scanned
Scan process 'taskmgr.exe' - '1' Module(s) have been scanned
Scan process 'mshta.exe' - '1' Module(s) have been scanned
Scan process 'mshta.exe' - '1' Module(s) have been scanned
Scan process 'mshta.exe' - '1' Module(s) have been scanned
Scan process 'mshta.exe' - '1' Module(s) have been scanned
Scan process 'mshta.exe' - '1' Module(s) have been scanned
Scan process 'mshta.exe' - '1' Module(s) have been scanned
Scan process 'mshta.exe' - '1' Module(s) have been scanned
Scan process 'mshta.exe' - '1' Module(s) have been scanned
Scan process 'mshta.exe' - '1' Module(s) have been scanned
Scan process 'mshta.exe' - '1' Module(s) have been scanned
Scan process 'mshta.exe' - '1' Module(s) have been scanned
Scan process 'mshta.exe' - '1' Module(s) have been scanned
Scan process 'mshta.exe' - '1' Module(s) have been scanned
Scan process 'mshta.exe' - '1' Module(s) have been scanned
Scan process 'plugin-container.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'mshta.exe' - '1' Module(s) have been scanned
Scan process 'mshta.exe' - '1' Module(s) have been scanned
Scan process 'mshta.exe' - '1' Module(s) have been scanned
Scan process 'mshta.exe' - '1' Module(s) have been scanned
Scan process 'mshta.exe' - '1' Module(s) have been scanned
Scan process 'mshta.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'cli.exe' - '1' Module(s) have been scanned
Scan process 'hpqgpc01.exe' - '1' Module(s) have been scanned
Scan process 'hpqbam08.exe' - '1' Module(s) have been scanned
Scan process 'hpqSTE08.exe' - '1' Module(s) have been scanned
Scan process 'brccMCtl.exe' - '1' Module(s) have been scanned
Scan process 'sqlmangr.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'DLG.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'DSAgnt.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'netWaiting.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'avgtray.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'BrMfcWnd.exe' - '1' Module(s) have been scanned
Scan process 'pptd40nt.exe' - '1' Module(s) have been scanned
Scan process 'CLI.EXE' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'MskAgent.exe' - '1' Module(s) have been scanned
Scan process 'issch.exe' - '1' Module(s) have been scanned
Scan process 'DLACTRLW.EXE' - '1' Module(s) have been scanned
Scan process 'DVDLauncher.exe' - '1' Module(s) have been scanned
Scan process 'stsystra.exe' - '1' Module(s) have been scanned
Scan process 'quickset.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'BrMfcmon.exe' - '1' Module(s) have been scanned
Scan process 'mshta.exe' - '1' Module(s) have been scanned
Scan process 'mshta.exe' - '1' Module(s) have been scanned
Scan process 'mcappins.exe' - '1' Module(s) have been scanned
Scan process 'mghtml.exe' - '1' Module(s) have been scanned
Scan process 'mcappins.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'hpqgpc01.exe' - '1' Module(s) have been scanned
Scan process 'hpqbam08.exe' - '1' Module(s) have been scanned
Scan process 'hpqSTE08.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'cli.exe' - '1' Module(s) have been scanned
Scan process 'soffice.bin' - '1' Module(s) have been scanned
Scan process 'soffice.exe' - '1' Module(s) have been scanned
Scan process 'sqlmangr.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'DLG.exe' - '1' Module(s) have been scanned
Scan process 'DSAgnt.exe' - '1' Module(s) have been scanned
Scan process 'brccMCtl.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'netWaiting.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'avgtray.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'BrMfcWnd.exe' - '1' Module(s) have been scanned
Scan process 'pptd40nt.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'MskAgent.exe' - '1' Module(s) have been scanned
Scan process 'issch.exe' - '1' Module(s) have been scanned
Scan process 'DLACTRLW.EXE' - '1' Module(s) have been scanned
Scan process 'DVDLauncher.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'stsystra.exe' - '1' Module(s) have been scanned
Scan process 'WLTRAY.exe' - '1' Module(s) have been scanned
Scan process 'quickset.exe' - '1' Module(s) have been scanned
Scan process 'CLI.EXE' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'NICCONFIGSVC.exe' - '1' Module(s) have been scanned
Scan process 'sqlservr.exe' - '1' Module(s) have been scanned
Scan process 'java.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'avgnsx.exe' - '1' Module(s) have been scanned
Scan process 'LinksysUpdater.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SAgent2.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avgwdsvc.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'bcmwltry.exe' - '1' Module(s) have been scanned
Scan process 'WLTRYSVC.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avgcsrvx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avgrsx.exe' - '1' Module(s) have been scanned
Scan process 'avgchsvx.exe' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Start scanning boot sectors:
Starting to scan executable files (registry).
The registry was scanned ( '1792' files ).
End of the scan: Monday, December 13, 2010 10:04
Used time: 02:38 Minute(s)
The scan has been done completely.
0 Scanned directories
2371 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
2371 Files not concerned
5 Archives were scanned
0 Warnings
0 Notes
==================================
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org
Database version: 5306
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
12/13/2010 10:51:40 AM
mbam-log-2010-12-13 (10-51-40).txt
Scan type: Quick scan
Objects scanned: 175970
Time elapsed: 13 minute(s), 14 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
c:\documents and settings\Kendra\start menu\Programs\thinkpoint.lnk (Rogue.ThinkPoint) -> Quarantined and deleted successfully.
==============================================================
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org
Database version: 5306
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
12/13/2010 12:42:00 PM
mbam-log-2010-12-13 (12-42-00).txt
Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 255880
Time elapsed: 1 hour(s), 40 minute(s), 47 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\documents and settings\Kendra\application data\move networks\movemediaplayer_07103010.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
===============================================
GMER
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-13 13:06:26
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 Hitachi_HTS541680J9SA00 rev.SB2OC74P
Running: jmrxk608.exe; Driver: C:\DOCUME~1\Peter\LOCALS~1\Temp\uxddypog.sys
---- System - GMER 1.0.15 ----
SSDT B0AAD22E ZwCreateKey
SSDT B0AAD224 ZwCreateThread
SSDT B0AAD233 ZwDeleteKey
SSDT B0AAD23D ZwDeleteValueKey
SSDT B0AAD242 ZwLoadKey
SSDT B0AAD210 ZwOpenProcess
SSDT B0AAD215 ZwOpenThread
SSDT B0AAD24C ZwReplaceKey
SSDT B0AAD247 ZwRestoreKey
SSDT B0AAD238 ZwSetValueKey
---- Kernel code sections - GMER 1.0.15 ----
? xywcw.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\System32\svchost.exe[1128] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00CC000A
.text C:\WINDOWS\System32\svchost.exe[1128] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00CD000A
.text C:\WINDOWS\System32\svchost.exe[1128] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00CB000C
.text C:\WINDOWS\System32\svchost.exe[1128] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 01BB000A
.text C:\WINDOWS\System32\svchost.exe[1128] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00EA000A
.text C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe[2344] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 0042E060 C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe (Hitman Pro 3.5/SurfRight B.V.)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2748] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2748] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2748] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2748] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2748] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2748] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2748] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2748] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2748] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2748] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2748] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2748] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2748] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2748] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2748] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2748] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2748] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2748] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2748] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2748] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2748] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2748] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2748] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2748] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2748] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2748] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2748] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2748] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2748] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2748] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\WINDOWS\Explorer.EXE[3116] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0185000A
.text C:\WINDOWS\Explorer.EXE[3116] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0186000A
.text C:\WINDOWS\Explorer.EXE[3116] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0184000C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[2748] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00300010
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[3608] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00300010
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[5440] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00300010
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 85312292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 85312292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 85312292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 85312292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP2T0L0-12 85312292
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \FileSystem\Fastfat \Fat AB3B1D20
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskHitachi_HTS541680J9SA00_________________SB2OC74P#5&24cbc6ab&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016383a37f0
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0016383a37f0 (not active ControlSet)
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP Deskjet D4300 series (Copy 1)@ChangeID 555625
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior; TDL4 <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 11: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 57: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sectors 156301232 (+255): rootkit-like behavior;
---- EOF - GMER 1.0.15 ----
============================
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior; TDL4 <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 11: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 57: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sectors 156301232 (+255): rootkit-like behavior;
---- EOF - GMER 1.0.15 ----
============================